#!/bin/sh
#
# Plugin to monitor auth.log for sshd server events.
#
# Require read permitions for $LOG 
#  (set in /etc/munin/plugin-conf.d/munin-node on debian)
# On busy servers you can change value type to COUNTER and set min to 0 to avoid minus peaks at logrotate
#
# $Log$
# Revision 1.1  2009/04/26 23:28:00  ckujau
# Revision 1.0  2009/04/22 22:00:00  zlati
# Initial revision
#
# Parameters:
#
#       config   (required)
#       autoconf (optional - used by munin-config)
#
# Magick markers (optional):
#%# family=auto
#%# capabilities=autoconf

LOG=/var/log/auth.log
if [ "$1" = "autoconf" ]; then
        if [ -r "$LOG" ]; then
                echo yes
                exit 0
        else
                echo no
                exit 1
        fi
fi

if [ "$1" = "config" ]; then

        echo 'graph_title SSHD auth.log stats (rotated weekly)'
        echo 'graph_args --base 1000 -l 0'
        echo 'graph_vlabel logins'
        echo 'graph_category system'
        echo 'LogPass.label Successful password logins'
#	   echo 'LogPass.type COUNTER'
#	   echo 'LogPass.min 0'
        echo 'LogKey.label Successful PublicKey logins'
        echo 'NoID.label No identification from user'
        echo 'rootAttempt.label Root login attempts'
        echo 'InvUsr.label Invalid user login attepmts'
        echo 'NoRDNS.label No reverse DNS for peer'
        exit 0
fi

echo LogPass.value `egrep -c "sshd\[.*Accepted\ password\ for" $LOG`
echo LogKey.value  `egrep -c "sshd\[.*Accepted\ publickey\ for" $LOG`
echo NoID.value    `egrep -c "sshd\[.*Did\ not\ receive\ identification\ string" $LOG`
echo rootAttempt.value `egrep -c "sshd\[.*Failed\ password\ for\ root" $LOG`
echo InvUsr.value  `egrep -c "sshd\[.*Invalid\ user" $LOG`
echo NoRDNS.value  `egrep -c "sshd\[.*reverse\ mapping\ checking\ getaddrinfo" $LOG`

